Using slapadd
Harness the power of slapadd to efficiently add multiple entries to your LDAP database.
Date: 10-11-2024
Overview
The slapadd utility is part of OpenLDAP’s suite of tools for managing directory data. It allows administrators to add large amounts of data directly to an OpenLDAP database by bypassing the LDAP protocol itself. This makes it ideal for bulk imports or initial population of a database. However, because slapadd modifies the database files directly, it must be used with caution and only when the LDAP server (slapd) is not running.
This article provides guidance on how to use slapadd to safely import LDIF files into an OpenLDAP database.
Backup Important Data: It is strongly recommended that you create a backup of your configuration before making changes: LDAP Database Backup.
Prerequisites
Before using slapadd, ensure the following:
- The OpenLDAP service (slapd) is stopped to prevent conflicts. slapadd writes directly to the database files, which could cause corruption if the service is running.
  sudo systemctl stop slapd
- You have the necessary administrative privileges to access the OpenLDAP database files and the configuration file (slapd.conf or slapd.d directory).
- The LDIF file you plan to import is correctly formatted and validated.
- The database backend has been properly set up.
Usage Syntax
The basic syntax of slapadd is:
slapadd <options>
Common Options:
- -f <file>: Specify the configuration file (usually slapd.conf).
- -F <directory>: Specify the configuration directory (usually /etc/openldap/slapd.d).
- -n <dbnum>: Specify the database number to which the LDIF file should be added. The database number corresponds to the one defined in your configuration.
- -l <file>: Specify the path to the LDIF file to be imported.
- -q: Quick mode (bypasses database consistency checks for speed; use with caution).
- -v: Enable verbose output for progress information.
- -c: Continue on errors. Entries with errors are skipped, and processing continues with the next entry.
Step-by-Step Instructions
Step 1: Stopping the LDAP Server
Since slapadd modifies database files directly, make sure the LDAP server is not running:
sudo systemctl stop slapd
Step 2: Preparing the LDIF File
Ensure your LDIF file is well-formed and does not contain errors. This step is crucial to prevent issues during import.
Step 3: Running slapadd
Use slapadd to add entries from your LDIF file. The command syntax depends on whether you're using the slapd.conf file or the slapd.d configuration directory.
If using slapd.conf:
sudo slapadd -f /etc/openldap/slapd.conf -l /path/to/file.ldif -n <dbnum>
If using the configuration directory (slapd.d):
sudo slapadd -F /etc/openldap/slapd.d -l /path/to/file.ldif -n <dbnum>
Example:
To add data from an LDIF file into database 1:
sudo slapadd -F /etc/openldap/slapd.d -l /tmp/data.ldif -n 1 -v
Step 4: Adjusting Permissions
After running slapadd, you may need to reset the permissions of the database files to ensure slapd can access them. Run the following:
sudo chown -R ldap:ldap /var/lib/openldap
Step 5: Starting the LDAP Server
Once the data has been successfully added, restart the LDAP server:
sudo systemctl start slapd
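The five steps above combined into one guarded script, as an added example that is not part of the original article or any Symas tooling: it validates the LDIF before taking slapd down, takes a slapcat backup, and runs slapadd in dry-run mode (-u) before the real import. The function names and BACKUP_DIR are assumptions; the paths and the ldap:ldap owner follow the article's examples.

```sh
# Added example, not Symas code; function names and BACKUP_DIR are assumptions.
CONF_DIR=${CONF_DIR:-/etc/openldap/slapd.d}
DB_DIR=${DB_DIR:-/var/lib/openldap}
BACKUP_DIR=${BACKUP_DIR:-/var/tmp}

# Step 2: each record must start with a dn line and no dn may repeat.
# Prints one line per problem and returns non-zero if any were found.
ldif_preflight() {
    awk '
    function flush(   key) {
        key = (dn ~ /^dn::/) ? dn : tolower(dn)   # base64 DNs compare as-is
        if (inrec && dn != "" && seen[key]++) {
            printf "line %d: duplicate %s\n", start, dn; bad = 1
        }
        inrec = 0; indn = 0; dn = ""
    }
    /^#/        { indn = 0; next }                          # comment
    /^ ./       { if (indn) dn = dn substr($0, 2); next }   # folded line
    /^[ \t]*$/  { flush(); next }                           # record separator
    !inrec && /^version:/ { next }
    !inrec {
        inrec = 1; start = NR
        if (/^dn::? ?/) { dn = $0; indn = 1 }
        else { printf "line %d: record does not start with dn:\n", NR; bad = 1 }
        next
    }
    { indn = 0 }
    END { flush(); exit bad + 0 }
    ' "$1"
}

# Steps 1 and 3-5 with guards. $1 = LDIF file, $2 = database number.
guarded_slapadd() {
    ldif=$1; dbnum=$2
    ldif_preflight "$ldif" >&2 || return 1        # validate before any downtime
    systemctl stop slapd
    if systemctl is-active --quiet slapd; then
        echo "slapd is still running; refusing to touch the database" >&2; return 1
    fi
    # mktemp creates the dump with mode 0600: it can contain password hashes.
    backup=$(mktemp "$BACKUP_DIR/ldap-db$dbnum.XXXXXX") || return 1
    slapcat -F "$CONF_DIR" -n "$dbnum" -l "$backup" || return 1
    slapadd -F "$CONF_DIR" -n "$dbnum" -l "$ldif" -u || return 1   # dry run
    slapadd -F "$CONF_DIR" -n "$dbnum" -l "$ldif" -v || {
        echo "import failed; slapd left stopped, backup at $backup" >&2; return 1
    }
    chown -R ldap:ldap "$DB_DIR"
    systemctl start slapd
}
```

Source the file as root and call, for example, guarded_slapadd /tmp/data.ldif 1. The preflight compares DNs literally (case-insensitively), so it does not replace the schema checks slapadd itself performs during the dry run.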
Performance Considerations
Quick Mode (-q): This option can speed up the import process, especially for large datasets, by skipping certain consistency checks. However, it should be used with caution as it might lead to database inconsistencies if the LDIF file is not well-formed.
Multiple Databases: If your configuration defines multiple databases, you need to use the -n option to specify the target database for the import.
Backup: Always back up your OpenLDAP database before running slapadd, especially when using the -q option.
Troubleshooting
Error: Database corruption: If slapadd fails due to a corrupted database, restore from a backup or use the slapcat utility to export the database before attempting a re-import.
Permission errors: Ensure that the OpenLDAP database files are owned by the correct user and group (ldap:ldap).
Server fails to start: Verify the integrity of your database files and the configuration files if slapd fails to start after using slapadd.
Conclusion
slapadd is a powerful utility for importing large amounts of data into OpenLDAP databases efficiently. Ensure the LDAP server is stopped before use and the LDIF file is well-formed to avoid issues. Following the best practices outlined in this article will help you successfully add data to your OpenLDAP database.
For further assistance, please contact Symas support.